package com.example.wj.controller;

import com.example.wj.common.Result;
import com.example.wj.entity.User;
import com.example.wj.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.HtmlUtils;

import javax.servlet.http.HttpSession;
import java.util.Objects;

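/**
 * REST controller exposing the credential-check endpoint.
 *
 * <p>Credentials arrive as a JSON body bound to {@link User} and are verified by
 * {@link UserService#checkUserInfo}.
 */
@RestController
public class LoginController {

    @Autowired
    private UserService userService;

    /**
     * Checks the submitted username and password.
     *
     * @param requestUser the request body carrying the username and password
     * @return a {@code Result} with code 200 when the service returns a user for the
     *         credentials, or code 400 when it returns none or a credential is missing
     */
    @PostMapping("/login")
    public Result login(@RequestBody User requestUser) {
        // Missing credentials can never authenticate; answer with the same failure code
        // instead of passing null into the escaper or the service.
        if (requestUser == null
                || requestUser.getUsername() == null
                || requestUser.getPassword() == null) {
            return new Result(400);
        }

        // Escape HTML tags in the username to guard against XSS.
        // NOTE(review): the escaping runs before the lookup, so the service is queried with
        // the escaped form; this presumably matches how usernames are stored — confirm
        // against the registration path. Encoding at output time is still required wherever
        // the name is rendered.
        String username = HtmlUtils.htmlEscape(requestUser.getUsername());

        // The former debug print of username and password was removed: a plaintext password
        // must never reach stdout or a log file, where it outlives the request and is
        // readable by anyone with log access.

        User user = userService.checkUserInfo(username, requestUser.getPassword());

        if (user != null) {
            return new Result(200);
        }
        return new Result(400);
    }
}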
